Security Analyst I

HP Advanced Solutions Inc.

May 22, 2015

Original postings on the Viatec site are removed after the position is closed, but the posting will be archived here. The original posting was at
http://www.viatec.ca/job-board/13847

Job Category: 
Technical
Job Specialization: 
Other
Job
Job Summary: 

Department:Corporate Services

Work Unit: Information Security Services

Manager Title: Privacy, Security and Compliance Officer

DEPARTMENT OVERVIEW

Information Security Services (ISS) plays a significant role within the Advanced Solutions risk management program by ensuring the privacy and security of information assets.  The Privacy, Security and Compliance program is specifically aligned to best practices for information security including ISO 17799/27002 and the Government of Canada’s Threat-Risk Methodology. 

DESCRIPTION

The role of Security Analyst is to assist senior security analysts with monitoring and analysis of the security of the IT environment.  Responsibilities include monitoring security audit logs and generating reports, assist with identifying potential security incidents, policy violations, fraudulent activity, and operational problems.  The Security Analyst will also work with operational staff to ensure ongoing compliance with policies, procedures and standards.   Participating in security-based projects that analyze the security posture of the infrastructure is also an important focus of the position.

ACCOUNTABILITIES/DELIVERABLES

  • Monitor in realtime events and reports from log correlation and alerting services;
  • Assists with daily operational security activities and initiates investigations in response to suspicious activity and potential security breaches;
  • Queries logs to extract specific information required to carry out security investigations;
  • Ensures log storage and disposal is being performed according to stated requirements;
  • Works with operational staff to coordinate network vulnerability and compliance scanning;
  • Maintains an understanding of the security environment and the associated infrastructure;
  • Applies knowledge of IT infrastructure to facilitate the process of evaluating security risks and controls;
  • Works closely with technical support staff and management;
  • Reviews antivirus and IDS/IPS reports;
  • Prepares and delivers reports as required;
  • Assists with  Privacy Impact and Security Risk Assessments (PIA & STRA);
  • Uses knowledge of current tools and technologies;
  • Applies industry best practices; and
  • Performs other related duties as required.

SUPERVISORY RESPONSIBILITY

Type of report: Direct (directly supervises assigned staff)

Type of report: Indirect reports (supervises through subordinate supervisors)

PROJECT/TEAM LEAD OR TRAINING RESPONSIBILITY

Role

  • Supervises students or volunteers
  • Leads project teams

Role

  • Provides formal training to other staff
  • Assigns, monitors, and examines work of staff

SELECTION CRITERIA

Education and Experience

  • Information Systems Diploma and 1 year related experience; or
  • Certificate and/or completed related courses, and 2 years related experience; or an equivalent combination of education and experience.

Preferred:

Current professional security certification, such as:

  • GIAC Security Essentials Certification (GSEC)
  • Systems Security Certified Practitioner (SSCP)
  • Microsoft Certified Systems Engineer (MCSE): Security
  • CompTIA Security+
  • Familiarity with programming/scripting concepts
  • Familiarity with network IDS/IPS and FW devices
  • Experience with centralized event log monitoring, management and archiving solutions
  • Experience with network vulnerability and compliance scanning

Asset:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)

Knowledge, Skills, and Abilities

  • Knowledge of ISO27001 and ISO27002 standards;
  • Knowledge of Enterprise risk management concepts with a focus on threat-risk assessment methodologies;
  • Knowledge of Information Security policy;
  • Knowledge of Information Security best practices;
  • Display a high level of effort and commitment to meeting deadlines;
  • Demonstrate mature judgement, tact and sound decision making;
  • Conduct themselves in a professional and confidential manner at all times;
  • Operate effectively and demonstrate trustworthiness and responsible behaviour;
  • Demonstrate eagerness to learn and assume responsibility and display a "can do" approach to work;
  • Show persistence and seek alternatives and solutions when obstacles arise;
  • Work in a resourceful manner to accomplish reasonable and expected work goals;
  • Show flexibility in response to process change and adapt to new business processes and procedures; and
  • Accept direction and feedback from team members or Manager and follow through appropriately.

REQUIRED COMPETENCIES

All HPAS employees are required to display the following competencies:

  • Customer Focus
  • Integrity and Trust
  • Ethics and Values
  • Motivating Others
  • Drive for Results
  • Building Effective Teams
  • Priority Setting
  • Decision Quality
  • Business Acumen
  • Organization